Changeflow GovPing Data Privacy & Cybersecurity City of London Police Reprimanded for Data Prot...
Priority review Enforcement Amended Final

City of London Police Reprimanded for Data Protection Failures

Favicon for ico.org.uk ICO Enforcement
Filed February 20th, 2026
Detected March 18th, 2026
Email

Summary

The UK's Information Commissioner's Office (ICO) has issued a reprimand to the Commissioner of Police for the City of London for failing to respond to Subject Access Requests (SARs) within statutory timeframes. This action highlights data protection obligations for law enforcement agencies.

View original document View source feed page

What changed

The Information Commissioner's Office (ICO) has issued a formal reprimand to the Commissioner of Police for the City of London (COLP). The reprimand stems from COLP's failure to meet its data protection obligations concerning Subject Access Requests (SARs), specifically by not responding within the statutory timeframes between April 1, 2023, and July 31, 2025. This contravenes Article 12(3) of the UK GDPR and Section 45(3) of the Data Protection Act 2018.

This enforcement action serves as a significant warning to law enforcement agencies regarding their compliance with data protection laws, particularly the timely handling of SARs. While this is a reprimand and not a monetary penalty, it signifies a failure in data protection duties. The City of London Police must review and improve its internal processes for handling SARs to ensure compliance with UK GDPR and DPA 2018 requirements to avoid further regulatory action.

What to do next

  1. Review internal processes for handling Subject Access Requests (SARs).
  2. Ensure all SARs are responded to within the statutory timeframes stipulated by UK GDPR and DPA 2018.
  3. Implement training for relevant staff on data protection obligations related to SARs.

Penalties

Reprimand issued.

Source document (simplified)

The Commissioner of Police for the City of London

  • Date 20 February 2026
  • Type Reprimands
  • Sector Criminal justice A reprimand has been issued to The Commissioner of Police for the City of London (COLP), after it failed to meet its data protection obligations in responding to SARs within the statutory timeframe during the period 1 April 2023 to 31 July 2025, thereby contravening Article 12(3) UK GDPR and s45(3) DPA 2018.

Related changes

Favicon for ico.org.uk Cumbria Constabulary Information Notice
Routine Mar 18, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for ico.org.uk Data Theft Conviction: Munro and Chipoma Sentenced
Urgent Mar 18, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for ico.org.uk ICO Enforcement Action Against North Tees NHS Trust
Priority review Mar 18, 2026 ICO Enforcement Data Privacy & Cybersecurity
Favicon for dojmt.gov Montana AG Statement on TikTok Lawsuit Dismissal
Routine Mar 18, 2026 AG: Montana News Courts & Legal
Favicon for www.bfdi.bund.de Global Privacy Assembly Adopts Resolution on Trustworthy International Data Traffic
Routine Mar 17, 2026 BfDI Press Releases (Germany DPA) Data Privacy & Cybersecurity
Favicon for www.bfdi.bund.de BfDI Welcomes EDPB GDPR Guidelines on Legitimate Interest
Priority review Mar 17, 2026 BfDI Press Releases (Germany DPA) Data Privacy & Cybersecurity

Source

Favicon for ico.org.uk
ICO Enforcement ico.org.uk/action-weve-taken/enforcement
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
ICO
Filed
February 20th, 2026
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Law enforcement Government agencies
Geographic scope
National (UK)

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Criminal Justice Public Administration

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 179 Consumer Protection 35 Courts & Legal 210 Data Privacy & Cybersecurity 59 Defense & National Security 48 Education 20 Energy 94 Environment 81 Government & Legislation 240 Healthcare 106 Housing 15 Immigration 8 Insurance 17 Labor & Employment 107 Pharma & Drug Safety 68 Securities & Markets 73 Tax 48 Telecom & Technology 34 Trade & Sanctions 122 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when ICO Enforcement publishes new changes.

Free. Unsubscribe anytime.